packet-tracer input extwaf tcp 172.20.58.10 1025 172.17.4.100 443 detailed
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xafeddf10, priority=13, domain=capture, deny=false
hits=34249, user_data=0xaea5b478, cs_id=0x0, l3_type=0x0
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
input_ifc=extwaf, output_ifc=any
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacf63048, priority=1, domain=permit, deny=false
hits=41149066, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=extwaf, output_ifc=any
Phase: 3
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
nat (toNet,extwaf) source static obj_172.17.4.100 obj_172.17.4.100 destination static obj-waf-vip obj-waf-vip no-proxy-arp
Additional Information:
NAT divert to egress interface toNet
Untranslate 172.17.4.100/443 to 172.17.4.100/443
Phase: 4
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group in_extwaf in interface extwaf
access-list in_extwaf extended permit tcp object-group pota-waf object-group BPH-vpn eq https
object-group network obj-waf
network-object 172.20.58.10 255.255.255.255
object-group network OBJ-vpn
network-object object obj_172.17.4.100
Additional Information:
Forward Flow based lookup yields rule:
in id=0xafb35cc0, priority=13, domain=permit, deny=false
hits=14, user_data=0xaa464a00, cs_id=0x0, use_real_addr, flags=0x0, protocol=6
src ip/id=172.20.58.10, mask=255.255.255.255, port=0, tag=0
dst ip/id=172.17.4.100, mask=255.255.255.255, port=443, tag=0, dscp=0x0
input_ifc=extwaf, output_ifc=any
Phase: 5
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (toNet,extwaf) source static bph_172.17.4.100 bph_172.17.4.100 destination static pota-waf-vip pota-waf-vip no-proxy-arp
Additional Information:
Static translate 172.20.58.10/1025 to 172.20.58.10/1025
Forward Flow based lookup yields rule:
in id=0xaea0cd18, priority=6, domain=nat, deny=false
hits=1, user_data=0xacf01668, cs_id=0x0, flags=0x0, protocol=0
src ip/id=172.20.58.10, mask=255.255.255.255, port=0, tag=0
dst ip/id=172.17.4.100, mask=255.255.255.255, port=0, tag=0, dscp=0x0
input_ifc=extwaf, output_ifc=toNet
Phase: 6
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacb6ff98, priority=1, domain=nat-per-session, deny=true
hits=28610526, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 7
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xacf688e8, priority=0, domain=inspect-ip-options, deny=true
hits=13419095, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=extwaf, output_ifc=any
Phase: 8
Type: FOVER
Subtype: standby-update
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xad06ffd8, priority=20, domain=lu, deny=false
hits=116913, user_data=0x0, cs_id=0x0, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
input_ifc=extwaf, output_ifc=any
Phase: 9
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xafed1780, priority=70, domain=encrypt, deny=false
hits=2, user_data=0x85e644, cs_id=0xada983f8, reverse, flags=0x0, protocol=0
src ip/id=172.20.58.10, mask=255.255.255.255, port=0, tag=0
dst ip/id=172.17.4.100, mask=255.255.255.255, port=0, tag=0, dscp=0x0
input_ifc=any, output_ifc=toNet
Phase: 10
Type: ACCESS-LIST
Subtype: vpn-user
Result: DROP
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xac730420, priority=12, domain=vpn-user, deny=true
hits=38, user_data=0xaa47fa00, filter_id=0x0(-implicit deny-), protocol=0
src ip=0.0.0.0, mask=0.0.0.0, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0
Result:
input-interface: extwaf
input-status: up
input-line-status: up
output-interface: toNet
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule